03bec58d7056f2df90463de8d78dfa7777ca784a161b70de6cd30cfd360e7cb3

Analysis

max time kernel
136s
max time network
147s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
08-08-2023 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a064262f260c97727718fe1c0be406ca_cryptolocker_JC.exe
Size

82KB
MD5

a064262f260c97727718fe1c0be406ca
SHA1

88f687f88a9df90a85603f43b6c237a05ccd5b84
SHA256

03bec58d7056f2df90463de8d78dfa7777ca784a161b70de6cd30cfd360e7cb3
SHA512

f41aa99e40e1246844d0e15652d4d8a195e4c6310cadfd8298ee8b015a511b4652036799d557ac010acfef8797a6d5da6837f44c45b514a21fa0faca3709b866
SSDEEP

1536:vj+jsMQMOtEvwDpj5H8u8rBN6nqEZNi1OkQ1:vCjsIOtEvwDpj5H8zPs7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2044	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
1700	a064262f260c97727718fe1c0be406ca_cryptolocker_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2044	1700	a064262f260c97727718fe1c0be406ca_cryptolocker_JC.exe	28
PID 1700 wrote to memory of 2044	1700	a064262f260c97727718fe1c0be406ca_cryptolocker_JC.exe	28
PID 1700 wrote to memory of 2044	1700	a064262f260c97727718fe1c0be406ca_cryptolocker_JC.exe	28
PID 1700 wrote to memory of 2044	1700	a064262f260c97727718fe1c0be406ca_cryptolocker_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\a064262f260c97727718fe1c0be406ca_cryptolocker_JC.exe
"C:\Users\Admin\AppData\Local\Temp\a064262f260c97727718fe1c0be406ca_cryptolocker_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
82KB

MD5
652dc157b654102ac53b5c3566827baf

SHA1
f724d8465cf7a8e2bbeeaa1b5d0a30d886ae2f1b

SHA256
fe9ecfc82314f79ac0af906194b46890b0263347ea49ba45fe54e4c9d3888c55

SHA512
2ded0ac26bd8b9efae02df6ea323785373435e1c498d6bd139a1c3226f53c31073bd441e64d611da452484557c8c22ee8611ce73b3bc413a2b582fd2c40bde60

Download Submit
C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
82KB

MD5
652dc157b654102ac53b5c3566827baf

SHA1
f724d8465cf7a8e2bbeeaa1b5d0a30d886ae2f1b

SHA256
fe9ecfc82314f79ac0af906194b46890b0263347ea49ba45fe54e4c9d3888c55

SHA512
2ded0ac26bd8b9efae02df6ea323785373435e1c498d6bd139a1c3226f53c31073bd441e64d611da452484557c8c22ee8611ce73b3bc413a2b582fd2c40bde60

Download Submit
\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
82KB

MD5
652dc157b654102ac53b5c3566827baf

SHA1
f724d8465cf7a8e2bbeeaa1b5d0a30d886ae2f1b

SHA256
fe9ecfc82314f79ac0af906194b46890b0263347ea49ba45fe54e4c9d3888c55

SHA512
2ded0ac26bd8b9efae02df6ea323785373435e1c498d6bd139a1c3226f53c31073bd441e64d611da452484557c8c22ee8611ce73b3bc413a2b582fd2c40bde60

Download Submit
memory/1700-54-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/1700-56-0x0000000000330000-0x0000000000336000-memory.dmp

Filesize
24KB

Download
memory/1700-55-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2044-69-0x0000000000270000-0x0000000000276000-memory.dmp

Filesize
24KB

Download